Specialist: Cyber Security Threat Hunter

2 weeks ago


Parktown, South Africa Transnet Full time

**_Equity Statement: Preference will be given to suitably qualified Applicants who are members of the designated groups in line with the Employment Equity Plan and Targets of the Organisation/Operating Division._**

**_Alternative Application Methods: (Completed Curriculum Vitae to be submitted)_**

Post :, Transnet Group Services, Shared Services, Johannesburg ,

E-mail:
Fax:
before the closing date of the advertisement.

Note: if you have not been contacted within 30 days of the closing date of this advertisement please consider your

We urge all our employees, clients, members of the public and our suppliers to report any kind of fraud or corruption at

**_Operating Division: Transnet Freight Rail_**

**_Position Title: Specialist: Cyber Security Threat Hunter_**

**_Employee Group: Permanent_**

**_Department: ICT_**

**_Location: Parktown_**

**_Reporting To: Head: Governance, Risk, Compliance & Cyb_**

**_Grade Level: F_**

**_Reference Number: 50019644_**

**_Position Purpose:_**

Cyber Security Threat Hunter:
The purpose of this role is to develop and implement a proactive, ongoing and ever-evolving discipline to prevent, detect, monitor and analyse cybersecurity traffic activities across the entire TFR network. The incumbent should be able to employ advanced detection technologies that go beyond the traditional technologies such as security information & event management (SIEM), endpoint detection & response (EDR) and others.
- Investigate possible anomalies to find any yet to be discovered malicious activities that could lead to a full-blown breach.
- Be able to use a combination of advanced analytics, machine learning and rule-based detection to identify suspicious activities throughout the network.

continuity, networking, risk management, etc.
- Research security trends, new methods and techniques used in order to pre-emptively eliminate the possibility of system breaches.
- Identify threat actors based on the environment, domain and attack behaviours
- Install software that monitors systems and networks for security breaches and intrusions
- Perform intelligence-driven network defence supporting the monitoring and incident response capabilities.
- Responsible for the detection of threat actors to achieve zero ransomware infections; brings deep knowledge of the attacker landscape and tradecraft to create the innovations necessary to uncover and prevent even the most well-funded attacker.
- Ensure that proactive measures are put in place to detect any possible cyber threats before they materialise, mitigate threats before they compromise the organisation, and have the ability to act swiftly in containing the threats that have materialised to minimise impact on operations, while triggering Cyber Security Incident Response Plan actions.
- Collect, process and analyse Cyber threats and warning assessments.
- Employ best-practice hunting frameworks (i.e. the targeted hunting integrating threat intelligence framework, the MITRE PRE-ATT&CK and ATT&CK framework).

**_Position outputs:_**

Strategy
- Responsible for processes that are designed to enhance the Security Operations and Threat Intelligence workflow by redesigning process and approach to operationalize the sharing and utilization of actionable intelligence and indicators.
- Benchmarking of leading and industry best practice and technology trends to ensure that threat detection, response and remediation tools implemented are effective and enhance resilience to cyber threats in the ever-changing cyber threat landscape.
- Provide trend analysis of malicious operations with mitigations to be included in the overall risk assessment for the organisation.
- Development and delivery of high-quality threat briefings, reporting and presentations by providing actionable intelligence to the Cyber Security Incident Response Team in line with the approved PPSG’s.

Information and Cyber Security Incidents and Events Management (SIEM)
- Responsible for the Security Incidents and Events Management processes intended to neutralize advanced threats that might invade the security operations centre (SOC) resulting in the denial of service, disrupting business operations.
- Provide input towards Intelligence production, reporting, collection and operations which will support information assessments for the purpose of informing leadership which will aid operational planning and execution.
- Monitor and report changes in threat dispositions, activities and tactics which relate to designated Cyber Operations warning problem sets.
- Monitor open-source websites for hostile content directed towards TFR.
- Active monitoring of the operational environment which fulfils leadership's priority on information requirements.
- Produce all cyber operations intelligence, indications and warnings in line with threat assessments.
- Conduct ethnical hostile intentional activity which could possibly impact TFR’s operations and information


